Drop the received frame if decryption failed and mac80211 can not
handle it.
Signed-off-by: Xing Song <[email protected]>
---
v2: check for cipher mismatch or frame format error
---
drivers/net/wireless/mediatek/mt76/mt7603/mac.c | 4 ++++
drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 8 +++++++-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 8 +++++++-
drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 8 +++++++-
4 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7603/mac.c b/drivers/net/wireless/mediatek/mt76/mt7603/mac.c
index fe03e31989bb..b6f2366d155e 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7603/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7603/mac.c
@@ -525,6 +525,10 @@ mt7603_mac_fill_rx(struct mt7603_dev *dev, struct sk_buff *skb)
if (rxd2 & MT_RXD2_NORMAL_TKIP_MIC_ERR)
status->flag |= RX_FLAG_MMIC_ERROR;
+ /* ICV error or CCMP/BIP/WPI MIC error */
+ if (rxd2 & MT_RXD2_NORMAL_ICV_ERR)
+ return -EINVAL;
+
if (FIELD_GET(MT_RXD2_NORMAL_SEC_MODE, rxd2) != 0 &&
!(rxd2 & (MT_RXD2_NORMAL_CLM | MT_RXD2_NORMAL_CM))) {
status->flag |= RX_FLAG_DECRYPTED;
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
index 423f69015e3e..10896cb35dd5 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
@@ -286,9 +286,15 @@ static int mt7615_mac_fill_rx(struct mt7615_dev *dev, struct sk_buff *skb)
if (rxd2 & MT_RXD2_NORMAL_AMSDU_ERR)
return -EINVAL;
+ hdr_trans = rxd1 & MT_RXD1_NORMAL_HDR_TRANS;
+
+ /* MT_RXD2_NORMAL_ICV_ERR: ICV error or CCMP/BIP/WPI MIC error */
+ if ((rxd2 & MT_RXD2_NORMAL_ICV_ERR) ||
+ (hdr_trans && (rxd2 & (MT_RXD2_NORMAL_CLM | MT_RXD2_NORMAL_CM))))
+ return -EINVAL;
+
unicast = (rxd1 & MT_RXD1_NORMAL_ADDR_TYPE) == MT_RXD1_NORMAL_U2M;
idx = FIELD_GET(MT_RXD2_NORMAL_WLAN_IDX, rxd2);
- hdr_trans = rxd1 & MT_RXD1_NORMAL_HDR_TRANS;
status->wcid = mt7615_rx_get_wcid(dev, idx, unicast);
if (status->wcid) {
diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
index 5fcf35f2d9fb..02e5ce4cc71d 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mac.c
@@ -426,9 +426,15 @@ mt7915_mac_fill_rx(struct mt7915_dev *dev, struct sk_buff *skb)
if (rxd2 & MT_RXD2_NORMAL_AMSDU_ERR)
return -EINVAL;
+ hdr_trans = rxd2 & MT_RXD2_NORMAL_HDR_TRANS;
+
+ /* MT_RXD1_NORMAL_ICV_ERR: ICV error or CCMP/BIP/WPI MIC error */
+ if ((rxd1 & MT_RXD1_NORMAL_ICV_ERR) ||
+ (hdr_trans && (rxd1 & (MT_RXD1_NORMAL_CLM | MT_RXD1_NORMAL_CM))))
+ return -EINVAL;
+
unicast = FIELD_GET(MT_RXD3_NORMAL_ADDR_TYPE, rxd3) == MT_RXD3_NORMAL_U2M;
idx = FIELD_GET(MT_RXD1_NORMAL_WLAN_IDX, rxd1);
- hdr_trans = rxd2 & MT_RXD2_NORMAL_HDR_TRANS;
status->wcid = mt7915_rx_get_wcid(dev, idx, unicast);
if (status->wcid) {
diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
index db3302b1576a..9c814ef9c0ba 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/mac.c
@@ -428,10 +428,16 @@ mt7921_mac_fill_rx(struct mt7921_dev *dev, struct sk_buff *skb)
if (rxd2 & MT_RXD2_NORMAL_AMSDU_ERR)
return -EINVAL;
+ hdr_trans = rxd2 & MT_RXD2_NORMAL_HDR_TRANS;
+
+ /* MT_RXD1_NORMAL_ICV_ERR: ICV error or CCMP/BIP/WPI MIC error */
+ if ((rxd1 & MT_RXD1_NORMAL_ICV_ERR) ||
+ (hdr_trans && (rxd1 & (MT_RXD1_NORMAL_CLM | MT_RXD1_NORMAL_CM))))
+ return -EINVAL;
+
chfreq = FIELD_GET(MT_RXD3_NORMAL_CH_FREQ, rxd3);
unicast = FIELD_GET(MT_RXD3_NORMAL_ADDR_TYPE, rxd3) == MT_RXD3_NORMAL_U2M;
idx = FIELD_GET(MT_RXD1_NORMAL_WLAN_IDX, rxd1);
- hdr_trans = rxd2 & MT_RXD2_NORMAL_HDR_TRANS;
status->wcid = mt7921_rx_get_wcid(dev, idx, unicast);
if (status->wcid) {
--
2.18.0
On 2021-11-10 03:54, Xing Song wrote:
> Drop the received frame if decryption failed and mac80211 can not
> handle it.
>
> Signed-off-by: Xing Song <[email protected]>
What happens if decryption failed? Do we receive the encrypted packets?
If so, I think we should return -EINVAL only if we don't have any
monitor mode interfaces. If monitor mode is active, we should probably
just clear RX_FLAG_DECRYPTED instead.
- Felix